From ce4939ff70890fa658a4095b9fe457f8432b2575 Mon Sep 17 00:00:00 2001 From: Noah Misch Date: Sat, 25 Jul 2020 14:50:59 -0700 Subject: [PATCH] Use RAND_poll() for seeding randomness after fork(). OpenSSL deprecated RAND_cleanup(), and OpenSSL 1.1.0 made it into a no-op. Replace it with RAND_poll(), per an OpenSSL community recommendation. While this has no user-visible consequences under OpenSSL defaults, it might help under non-default settings. Daniel Gustafsson, reviewed by David Steele and Michael Paquier. Discussion: https://postgr.es/m/9B038FA5-23E8-40D0-B932-D515E1D8F66A@yesql.se --- src/backend/postmaster/fork_process.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/backend/postmaster/fork_process.c b/src/backend/postmaster/fork_process.c index def3cee37e..15d6340800 100644 --- a/src/backend/postmaster/fork_process.c +++ b/src/backend/postmaster/fork_process.c @@ -109,10 +109,12 @@ fork_process(void) } /* - * Make sure processes do not share OpenSSL randomness state. + * Make sure processes do not share OpenSSL randomness state. This is + * no longer required in OpenSSL 1.1.1 and later versions, but until + * we drop support for version < 1.1.1 we need to do this. */ #ifdef USE_OPENSSL - RAND_cleanup(); + RAND_poll(); #endif }
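Review bot: The return value of `RAND_poll()` is discarded in the `#ifdef USE_OPENSSL` block at the end of the hunk, so a failed reseed leaves the forked child running on the randomness state it inherited from the parent, with nothing reported. `RAND_poll()` returns 1 on success and 0 otherwise; consider checking it and at least logging the failure. Separately, the new comment says the call is no longer required in OpenSSL 1.1.1 and later, but the call still runs unconditionally whenever `USE_OPENSSL` is defined. Either guard it with an `OPENSSL_VERSION_NUMBER` check or have the comment say that the call is kept on newer versions on purpose.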